System, method, and apparatus for securely providing content viewable on a secure device

System, method, and apparatus for securely providing content viewable on a secure device
US7640435

A system, apparatus, and method are directed to providing and securely viewing secure content. In one embodiment, a secure player provides secure screening/previewing of secure content, such as a motion picture, by a member of an awards organization. A content key is employed to selectively encrypt at least a portion of a content stream. The content key is encrypted with a screener key. The encrypted content key is embedded into the secure content. The screener key is encrypted using public/private key pair that is bound to the secure player. The secure content may be distributed on a medium, such as a DVD, high definition DVD, and the like. The secure player is configured to receive the medium, screener key, and a screener identity. The screener identity and screener key are employed by the secure player to decrypt and enable secure viewing of the content.

PTO Wrapper PDF
Dossier Espace Google

Patent 7640435
Priority Mar 18 2003
Filed Dec 27 2005
Issued Dec 29 2009
Expiry Feb 09 2026 TERM.DISCL. Extension 751 days
Inventors Morten, Gl…
Assg.orig Widevine T…
Assg.curr GOOGLE LLC
Entity Large
Referenced by 123
References 136
Maint.: all paid

CROSS REFERENCE TO R…
FIELD OF THE INVENTI…
BACKGROUND OF THE IN…
BRIEF DESCRIPTION OF…
DETAILED DESCRIPTION…

1. An apparatus for providing a secure content stream for use in a player, the apparatus comprising:

a receiver component that is arranged to receive an unencrypted content stream; and

a processor component that is arranged to perform actions, including:

selectively encrypting at least a portion of the unencrypted content stream using a content key;

generating a key package comprising the content key;

encrypting the key package using a screener key;

encrypting the screener key employing a public key bound to the player such that the public key is unique to the player; and

embedding the encrypted key package into the selectively encrypted content stream.

16. A method for securely playing a content stream, comprising:

selectively encrypting at least a portion of the content stream using a content key;

encrypting the content key using a screener key; and

encrypting the screener key using a public key that is associated with a private key, the public key and the private key being bound to a player such that the public key and the private key are unique to the player, wherein the player is in communications with a cellular phone, the cellular phone being configured to receive at least one of the selectively encrypted content stream, an identity module useable to enable access to the screener key, or the encrypted screener key.

9. A computer-readable medium having computer-executable components for use in playing a content stream, the computer-executable components comprising:

a content media sub-system that is configured to receive selectively encrypted content that is encrypted using a content key, the content key being subsequently encrypted using a screener key that is in turn subsequently encrypted using a public key; and

a decryption engine that is operative to perform actions, including:

receiving the selectively encrypted content stream from the content media sub-system;

receiving the encrypted screener key;

decrypting the screener key using a private key associated with the public key, the private key being constrained to the apparatus; and

employing the decrypted screener key to decrypt the content key; and

employing the content key to decrypt the selectively encrypted content stream.

2. The apparatus of claim 1, wherein the selectively encrypted content stream is further configured for delivery to another apparatus using a delivery content media technology.

3. The apparatus of claim 2, where the delivery content media technology further comprises a network.

4. The apparatus of claim 1, wherein the encrypted screener key is further configured for delivery over a network.

5. The apparatus of claim 1, wherein selectively encrypting at least a portion of a content stream further comprises:

selectively encrypting at least a portion of a video component or an audio component of the unencrypted content stream; and

enabling at least another portion of the video component or the audio component of the content stream to remain unencrypted.

6. The apparatus of claim 1, wherein the player is in communications with a cellular phone that is configured to receive at least one of the selectively encrypted content stream or the encrypted screener key.

7. The apparatus of claim 1, wherein the player is configured to employ an identity module to enable access to the encrypted screener key.

8. The apparatus of claim 7, wherein the identity module further comprises enabling access using at least one of a biometric mechanism, a smart card, a user name/password, or a touch-pad code entry mechanism.

10. The computer-readable medium of claim 9, further comprising:

an identity module that is configured to enable access to the screener key.

11. The computer-readable medium of claim 10, wherein the identity module employs at least one of biometry, a smart card, or a user name/password to enable access.

12. The computer-readable medium of claim 9, wherein receiving the encrypted screener key further comprises receiving the encrypted screener key over a network.

13. The computer-readable medium of claim 9, wherein the selectively encrypted content is received over a network.

14. The computer-readable medium of claim 9, wherein the computer-executable components are at least one of within or coupled to a cellular phone.

15. The computer-readable medium of claim 9, wherein the selectively encrypted content stream further comprises at least a portion of an elementary stream that is encrypted and another portion of the elementary stream that is unencrypted.

17. The method of claim 16, wherein the selectively encrypted content stream is further configured for delivery to another apparatus using a delivery content media technology, wherein the delivery content media technology includes at least one of a DVD, CD, or a network.

18. The method of claim 16, wherein the encrypted screener key is further configured for delivery over a network.

19. The method of claim 16, wherein the encrypted screener key is further configured for delivery using a smart card.

20. The method of claim 16, wherein selectively encrypting at least a portion of a content stream further comprises:

selectively encrypting at least a portion of the unencrypted content stream, while at least another portion of the content stream remains unencrypted.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation patent application of U.S. patent application Ser. No. 10/760,642, filed Jan. 20, 2004, and claims the benefit under 35 U.S.C. §120, which in turn claims the benefit of U.S. Provisional Application Ser. No. 60/455,723, filed Mar. 18, 2003, the benefit of the earlier filing date of which is hereby claimed under 35 U.S.C. § 119 (e), and wherein both applications are further incorporated herein by reference.

FIELD OF THE INVENTION

The present invention relates to data security, and more particularly, to a system, and method, and apparatus for providing and securely playing secure content.

BACKGROUND OF THE INVENTION

Digital Versatile Discs (DVDs) are potentially the fastest growing and most rapidly adopted consumer electronics product of today. Interestingly, one of the main reasons that the DVD format is so innovative and attractive to consumers and the entertainment industry is exactly what makes it potentially vulnerable to illicit copying. Because DVDs store movies in a digital format that is perfectly reproducible every time movies are recorded and played on DVDs, for the first time one can view movies at home with crystal clarity and high quality audio. Additionally, the fact that the movies are stored digitally also means it is possible for movie companies, and others, to make virtually an infinite number of essentially perfect copies of DVD movies.

Such quality and ease of reproduction has made it extremely convenient for movie companies, for example, to send out thousands of pristine copies of first edition movies to members of the Academy of Motion Picture Arts and Sciences. These DVDs typically are intended to be viewed only by those individuals who vote for Oscars and other industry awards. However, many of the DVDs have fallen into unauthorized hands and have become the digital blueprint for bootleggers who have copied the DVDs and distributed them both online and in shops abroad. Many such films then show up in pirated DVD form, and the like, shortly after their release into the theaters—and sometimes sooner. Since it is preferable to continue to use a high quality digital medium, such as DVDs, to distribute motion pictures, providing a relatively high level of security to protect the content is desirable. Unfortunately, the illicit copies are of such high quality that movie companies, and the like often lose millions of dollars as a result. In addition, many other content owners in the entertainment industry remain reluctant to provide content on DVDs until such content protection is available. Therefore, it is with respect to these considerations and others that the present invention has been made.

BRIEF DESCRIPTION OF THE DRAWINGS

Non-limiting and non-exhaustive embodiments of the present invention are described with reference to the following drawings. In the drawings, like reference numerals refer to like parts throughout the various figures unless otherwise specified.

For a better understanding of the present invention, reference will be made to the following Detailed Description of the Preferred Embodiment, which is to be read in association with the accompanying drawings, wherein:

FIG. 1 illustrates an exemplary environment in which the present invention may be practiced;

FIG. 2 illustrates a block diagram of an exemplary apparatus for enabling the viewing of secure content;

FIG. 3 illustrates one embodiment of a content stream for providing secure content;

FIG. 4 illustrates a flow diagram generally showing one embodiment for an end-to-end process of providing and viewing secure content;

FIG. 5 illustrates a flow diagram generally showing one embodiment for a process of generating secure content; and

FIG. 6A-6B illustrate a flow diagram generally showing one embodiment for a process of viewing secure content, in accordance with the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

In the following detailed description of exemplary embodiments of the invention, reference is made to the accompanied drawings, which form a part hereof, and which is shown by way of illustration, specific exemplary embodiments of which the invention may be practiced. Each embodiment is described in sufficient detail to enable those skilled in the art to practice the invention, and it is to be understood that other embodiments may be utilized, and other changes may be made, without departing from the spirit or scope of the present invention. The following detailed description is, therefore, not to be taken in a limiting sense, and the scope of the present invention is defined only by the appended claims.

Throughout the specification and claims, the following terms take the meanings explicitly associated herein, unless the context clearly dictates otherwise.

The terms “coupled,” and “connected,” includes a direct connection between the things that are connected, or an indirect connection through one or more either passive or active intermediary devices or components.

The term “screener,” includes media content, and the like, that is to be viewed/screened, and otherwise enjoyed by a user, member of an awards organization, and the like. The term “screener” may also include a content media, such as a DVD, high definition formatted DVD, and the like.

The meaning of “a,” “an,” and “the” include plural references. The meaning of “in” includes “in” and “on.”

Briefly stated, the present invention is directed to a system, apparatus, and method for securely providing secure content viewable on a secure player by a selected user. In one embodiment, the secure player is configured to receive a computer readable medium, such as a DVD. However, the invention is not limited to DVDs. For example, it is envisioned that the invention may be configured to securely provide and view secure content on other mediums, including but not limited to high quality digital media, such as High Definition DVDs, and the like.

Illustrative Environment

FIG. 1 is a functional block diagram illustrating an exemplary operating environment 100 in which the invention may be implemented. Operating environment 100 is only one example of a suitable operating environment and is not intended to suggest any limitation as to the scope of use or functionality of the present invention. Thus, other well-known environments and configurations may be employed without departing from the scope or spirit of the present invention.

As shown in the figure, operating environment 100 includes content owner 102, processor 104, distributor 106, screener key module(s) 108 (1 through N), content media 112 (1 through N), and user(s) 114 (1 through N). Processor 104 is in communication with content owner 102 and distributor 106. Distributor 106 is also in communication with screener key module(s) 108 (1 through N) and content media 112 (1 through N). User(s) 114 (1 through N) are also in communication with screener key module(s) 108 (1 through N) and content media 112 (1 through N).

Content owner 102 includes producers, developers, and owners of media content that can be distributed to user(s) 114. Such content, sometimes called screeners, includes motion pictures, movies, videos, and the like. However, content owned by content owner 102 is not limited to video content only, and may include audio only services, without departing from the scope or spirit of the present invention. Thus, content is intended to include, but is not limited to, audio, video, still images, text, graphics, and other forms of content (screeners) directed towards user(s) 114.

Processor 104 receives content from content owner 102, selectively secures at least a portion of that content, and provides the secured content to distributor 106, as described in more detail below in conjunction with FIG. 5. Briefly, however, processor 104 creates and embeds in a stream of the received content, selected information, such as a content key for decryption, a content identifier, access constraints, rights, entitlements, and the like. In one embodiment, the selected information is packaged into at least one key package (not shown), each of which is encrypted employing at least one screener key. In another embodiment, each content key is encrypted employing at least one screener key. In one embodiment, the content identifier may be left in the clear.

The screener key(s) may be generated using any of a variety of encryption/decryption symmetric key mechanisms, including, but not limited to RSA algorithms, Data Encryption Standard (DES), International Data Encryption Algorithm (IDEA), Skipjack, RC4, Advanced Encryption Standard (AES), and the like. In one embodiment, the screener key(s) employ a 256-bit AES algorithm for the encryption/decryption of the key package. However, screener key(s) are not limited to symmetric key mechanisms, and asymmetric key mechanisms may also be employed without departing from the scope or spirit of the present invention.

Processor 104 may obtain the screener key(s) and content key(s) from a variety of sources, including, but not limited to, content owner 102, a trusted third party, and the like. Processor 104 may also generate the screener key(s) and/or content key(s) itself. Moreover, the screener keys may reside within a key storage (not shown). Each screener key may be indexed in the key storage by a content identifier that is associated with particular content. The key storage may further include access constraints, rights, and the like, associated with a user, content, a targeted secure player, any combination of user, content, and targeted secure player, and the like.

Distributor 106 includes businesses, systems, and the like that obtain rights from content owner 102 to copy and distribute the secure content. Distributor 106 may obtain the rights to copy and distribute from one or more content owners. Distributor 106 may repackage, store, and schedule secure content for subsequent sale, distribution, and license to other distributors, user(s) 114, and the like, using content media 112.

Distributor 106 may copy the secure content onto a variety of content media 112, including, but not limited to a DVD, high definition DVD, Video Compact Disc (VCD), Super VCD (SVCD), Super Audio CD (SACD), and the like. For example, secure content may be copied and distributed on a Dynamic Digital Sound (DDS) content media. Moreover, distributor 106 may also copy and distribute secure content on a Read/Write DVD, CD-Recordable (CD-R), and substantially similar content media. Distributor 106 is not limited to copying and distributing secure content on DVD and CD content media technologies, and virtually any other content media technology may be employed without departing from the scope of the present invention.

Distributor 106 may receive one or more screener keys associated with the one or more key packages. Distributor 106 may also receive authorization information from a variety of trusted sources that indicate whether a user has authorization to access the secure content. Provided that the user does have authorization, distributor 106 may package the received screener key(s) into screener key module 108. Distributor 106 may also include in screener key module 108 a content identifier associated with the secure content, fulfillment rights, access constraints, attributes associated with a targeted secure player, and the like. For example, distributor 106 may include in screener key module 108 attributes that indicate that the secure content is not playable within a selected geographic region.

Distributor 106 may further encrypt the screener key(s), and additional information included on screener key module 108, with a public key associated with the targeted secure player. The targeted secure player's public key may be generated employing a variety of asymmetric encryption mechanisms, including, but not limited to, Diffie-Hellman, RSA, Merkle-Hellman, PGP, X.509, and the like.

In one embodiment, distributor 106 employs a 2048-bit RSA asymmetric (public/private) key associated with the targeted secure player to encrypt the screener key(s). In another embodiment, the public/private key pair associated with the targeted secure player is generated in a Federal Information Processing Standard (FIPS) level 4 device. However, the present invention is not so limited, and another security level may be employed to generate the targeted secure player's public/private key pair.

In any event, the targeted secure player's public key may be made available to distributor 106 through a variety of approaches, including a trusted third party, a network, email, and the like. Moreover, the targeted secure player's private/public keys are bound to the targeted secure player such that they are unique to that particular targeted secure player. Moreover, the targeted secure player is configured to prevent removal of the targeted secure player's private key. Such action further binds the targeted secure player's private key to the targeted secure player.

Distributor 106 may distribute screener key module 108 to user(s) 114 employing a variety of mechanisms, including, but not limited to, a smart card, PCMCIA card, a memory stick, over a network, DVD, CD, tape, floppy disc, and similar removable mechanisms. Screener key module 108 may also be mailed to user(s) 114.

User(s) 114 include end-users, consumers of content, and the like. User(s) 114 further include members of an awards organization, and the like, that receive content (screeners) for review. User(s) 114 may employ various devices to enjoy the content, including but not limited to television appliances, mobile device, PDAs, personal computers, jukeboxes, and the like. User(s) 114 may further employ the secure player described in more detail below in conjunction with FIG. 2 to securely provide the content to the above devices.

User(s) 114 may request content media 112 directly from content owner 102, or at any point along a market stream (e.g., from distributor 106). Moreover, user(s) 114 may receive content media 112 through multiple content owners 102, distributors 106, and the like. User(s) 114 may further receive screener key module(s) 108 from content owner 102, distributor 106, and the like. User(s) 114 may also receive an identity module, described below in conjunction with FIG. 2 that provides user authentication and authorization for access to the secure content. User(s) 114 may employ screener key module(s) 108, and the identity module, to view the secure content on content media 112.

FIG. 2 illustrates a block diagram of an exemplary apparatus for enabling the viewing of secure content. Briefly, secure player 200 is configured to receive content media 112 and screener key module 108 of FIG. 1, and an identity module, and to enable viewing of the secure content on content media 112. As such, secure player 200 may be employed by user(s) 114 within, or coupled to a television appliance, digital recorder, set-top-box, cellular phone, mobile device, PDA, personal computer, jukebox, hybrid Internet-music-player/home-stereo-component-system, and the like.

As shown in FIG. 2, secure player 200 may include many more components than those shown; however, those shown are sufficient to disclose an illustrative embodiment for practicing the invention.

As shown in the figure, secure player 200 includes media drive 202, media player subsystem 204, decryption engine 206, COmpresser/DECompresser (CODEC) 208, key store/manager 210, screener key module 108, key loader 214, identity module 216, authentication module 218, tamper agent 220, and (optional) anticopy protection device 222. Components numbered similarly to those in FIG. 1 operate in a substantially similar manner.

Media player subsystem 204 is in communication with media drive 202 and decryption engine 206. Decryption engine 206 is also in communication with CODEC 208 and key store/manager 210. CODEC 208 is in communication with optional anticopy protection device 222. Key store/manager 210 is further in communication with key loader 214. Key loader 214 is in communication with screener key module 108 and authentication module 218. Authentication module 218 is also in communication with identity module 216. Tamper agent 220 is in communication with decryption engine 206, CODEC 208, key store/manager 210, media player subsystem 204, authentication module 218, and key loader 214.

Media drive 202 includes virtually any device and related software that is configured to receive content media 112 of FIG. 1. Such devices include, but are not limited to, a DVD drive, high definition DVD drive, Super Video CD (SVCD) drive, VCD drive, Super Audio CD (SACD) drive, and other content media devices. For example, media drive 202 may also be Dynamic Digital Sound (DDS) drive. Moreover, media drive 202 may also support write capabilities, such as through a DVD/RW drive, and the like. Media drive 202 and media player subsystem 204 however, are not limited to DVD, and CD technologies, and virtually any other content media technology may be employed without departing from the scope of spirit of the present invention.

Media player subsystem 204 operates in conjunction with media drive 202 to take secure content from the content media supported by media drive 202, and provide it to decryption engine 206. Moreover, media player subsystem 204 and media drive 202 may include the capabilities to enable content media to be erased, destroyed, written over, and the like. For example, media player subsystem 204 may enable the erasure, destruction, disablement, and the like, of the secure content on the content media after a predetermined number of viewings, e.g. a single viewing, indication of unauthorized activity, and the like.

CODEC 208 includes any of a variety of compression/decompression mechanisms configured to receive compressed content and decompress it into a format capable of being rendered for the user's enjoyment. For example, CODEC 208 may employ Moving Pictures Experts Group (MPEG), Joint Photographic Experts Group (JPEG), wavelets, and other mechanisms for compression and decompression of received content.

Key loader 214 is enabled to receive a request to retrieve a screener key from screener key module 108. Key loader 214 may evaluate the request to determine whether the user has sufficient authorization to retrieve the screener key. Key loader 214 may request such authorization from authentication module 218. Key loader 214 may provide authentication module 218 a content identifier, or other information as part of its request for authorization. Additionally, key loader 214 may receive a request to load one or more screener keys, and other information, onto screener key module 108. Again, key loader 214 may seek authorization for such action from authentication module 218.

Authentication module 218 is configured to authenticate a user and to provide authorized access to screener key module 108. Authentication module 218 may receive a request from key loader 214 to access a screener key residing on screener key module 108. Authentication module 218 may also receive a request to store information on screener key module 108. In any event, authentication module 218 employs identity module 216 to determine the user's identity and associated authorization for access to screener key module 108.

Identity module 216 is enabled to provide the identity of a user, and entitlements and rights associated with a content identifier, user, and the like. Identity module 216 may be deployed using a variety of mechanisms, including, but not limited to, biometric, smart card, user name/password, touch-pad code entry, and the like. In one embodiment, identity module 216 is configured to enable virtually any user of secure player 200 to be authenticated to virtually any secure content.

Key store/manager 210 is configured to store and manage encryption/decryption keys, including screener keys, secure player 200's public/private keys, associated information, and the like. The associated information may include entitlements, rights, and the like, associated with at least one of a screener key, user, content, any combination of screener key, user, and content, and the like. Key store/manager 210 may include a database or flat data file, and the like, configured to store and manage the keys, and the associated information in a secure manner. Key store/manager 210 may employ content identifiers to index the screener keys and associated information.

Key store/manager 210 typically securely retains the secure player 200's private/public keys until decryption engine 206 requests them for decryption/encryption of a screener key. Key store/manager 210, however, is configured to ensure that the secure player's private key is not made available beyond use within secure player 200.

Key store/manager 210 securely stores received screener keys until decryption engine 206 requests them for decryption of encrypted content. Key store/manager 210 may retrieve a screener key from screener key module 108 by making a request to key loader 214. Key store/manager 210 may also direct key loader 214 to deactivate screener key module 108 when a screener key has been retrieved from it. Key store/manager 210 may further direct key loader 214 to erase, or otherwise disable, a screener key on screener key module 108, based on an event, such as a pre-determined number of viewings of the associated secure content, unauthorized activity, and the like.

Key store/manager 210 may also employ secure player 200's public key to encrypt a screener key that is to be loaded onto screener key module 108.

Decryption engine 206 is configured to receive a stream of content units from media player subsystem 204. Upon receipt of at least one content unit, decryption engine 206 may make a determination whether the content unit is encrypted. Where a content unit is encrypted, decryption engine 206 may extract one or more key packages from the content stream. Decryption engine 206 may request a screener key from key store/manager 210 to decrypt the key package to, in turn, enable the extraction of one or more content keys associated with the encrypted content unit. Decryption engine 206 employs the one or more content keys to decrypt the encrypted content unit. Decryption engine 206 may further provide the decrypted content unit to CODEC 208.

(Optional) anticopy protection device 222 enables additional protections of decompressed content by scrambling, dirtying, and otherwise encrypting the decompressed content prior to providing it to a descrambler device, and the like. As such anticopy protection device 222 enables a level of protection of the content after it leaves secure player 200.

Tamper agent 220 is enabled to monitor the components in secure player 200, to determine whether any component, including secure player 200, itself, is being tampered with, or otherwise associated with an unauthorized activity. In one embodiment, tamper detection & response protection device 220 operates at least at a FIPS security level 3.

Tamper agent 220 may provide a response based on the results of its monitoring. Such responses may include directing the erasing or otherwise disabling the secure content, locking secure player 200 from an operation, erasing of secure player's public/private keys, screener keys, content keys, and the like, and reporting the detected unauthorized activity.

FIG. 3 illustrates one embodiment of a content stream for providing secure content. Content stream 300 is only one example of a suitable stream of content and is not intended to suggest any limitation as to the scope of use or functionality of the present invention. Thus, other well-known structures and configurations may be employed without departing from the scope of the present invention.

As shown in the figure, content unit stream 300 includes content units 301, 303-306, and key package 302. Although, only one key package (302) is illustrated, it is noted that content stream 300 may include virtually any number of key packages.

Content units 301, and 303-306 may include a variety of content formats. For example, content may be formatted employing Motion Pictures Expert Group (MPEG) format. Content units 301, and 303-306 are not limited to MPEG content formats, and other content formats, including JPEG formats, MP3 formats, and the like, may be employed without departing from scope or spirit of the present invention. However, the MPEG format is employed herein as an example and for ease of illustration.

Briefly, MPEG is an encoding and compression standard for digital broadcast content. MPEG provides compression support for television quality transmission of video broadcast content. Moreover, MPEG provides for compressed audio, control, and even user broadcast content.

MPEG content streams include packetized elementary streams (PES), which typically include fixed (or variable sized) blocks or frames of an integral number of elementary streams (ES) access units. An ES typically is a basic component of an MPEG content stream, and includes digital control data, digital audio, digital video, and other digital content (synchronous or asynchronous). A group of tightly coupled PES packets referenced to substantially the same time base comprises an MPEG program stream (PS). Each PES packet also may be broken into fixed-sized transport packet known as MPEG Transport Streams (TS) that form a general-purpose approach of combining one or more content streams, possible including independent time bases. Moreover, MPEG frames include intra-frames (I-frames), forward predicted frames (P-frames), and bi-directional predicted frames (B-frames).

Content units 301, and 303-306 each may include a portion of the content stream that is partitioned into units of data based on a variety of criteria. For example, content units 301, and 303-306 may include portions of data extracted from the video elementary stream (ES), the audio ES, the digital data ES, and any combination of video, audio, data elementary streams of the content stream. For example, content units 301, and 303-306 may be composed of ten second portions of a video ES. Moreover, content units 301, and 303-306 need not include the same length, density, and the like, of content from the content stream.

Content units 301, and 303-306 may be selectively encrypted using one or more content keys. That is, content units 301 and 303 may be encrypted, while content units 304-306 are left in the clear. Additionally, encryption may be selectively applied to at least a portion of the video elementary stream (ES), the audio ES, the digital data ES, and any combination and any portion of video, audio, data elementary streams that comprise content stream 300. Selective encryption may further include selectively encrypting at least a portion of an I-frame, P-frame, B-frame, and any combination of P, B, and I frames.

Key package 302 may include one or more content keys used to encrypt content units, and a content identifier associated with a content stream 300. The key package 302 may also include access constraints, entitlements, and the like, associated with content stream 300. Key package 302 may further include synchronization information that indicates which content key is associated with which content unit (301, 302-306) of content stream 300.

Key package 302 may be encrypted employing a targeted secure player's public/private key. In one embodiment, the targeted secure player's public/private keys are generated in a FIPS level 4 device. However, the present invention is not so limited, and lower security levels may be employed to generate the target secure player's public/private keys. In one embodiment, key package 302 is left in the clear, and only the content key(s) are encrypted with the targeted secure player's public/private key.

Generalized Operation

The operation of certain aspects of the present invention will now be described with respect to FIGS. 4-6.

FIG. 4 illustrates a flow diagram generally showing one embodiment for an end-to-end process of providing and viewing secure content. Process 400 may operate, for example, within operating environment 100 in FIG. 1.

Process 400 begins, after a start block, at block 402. Block 402 is described in more detail below in conjunction with FIG. 5. Briefly, however, at block 402 secure content is created, by selectively encrypting at least one content unit within a content stream. The selective content unit is encrypted employing at least one content key. The employed content key(s), along with additional information, may be further encrypted and embedded within the content stream. The modified content stream is transferred to a content media, such as content media 112 in FIG. 1.

Processing proceeds to block 404 where the content media and key package are distributed to a user, such as user(s) 114 in FIG. 1. The content media may be distributed employing a variety of mechanisms, including mail, and the like. The screener key module may include a memory stick, a smart card, a DVD, disk, tape, and the like. The screener key module may be distributed to the user through a different distribution mechanism than employed for the content media. The screener key module may be distributed, for example, by employing the hard media described above, by transmission over a network, by mail, and by a variety of other distribution mechanisms.

Processing continues to block 406, which is described in more detail below in conjunction with FIG. 6. Briefly, however, at block 406, a secure player, together with the screener key module, and an identity module, are employed to decrypt and view the content stream located on the content media. Upon completion of the actions at block 406, processing returns to processing other actions.

FIG. 5 illustrates a flow diagram generally showing one embodiment for a process of generating secure content. Process 500 may operate, for example, within operating environment 100 in FIG. 1.

Process 500 begins, after a start block, at block 502, where a stream of content units is created. A content owner, producer, and the like, may create the stream of content units, by subdividing a content stream into units of data based on a variety of criteria, as described above in conjunction with FIG. 3.

Processing proceeds to block 504, where at least one content key is generated. A content key may be generated employing any of a number of encryption/decryption symmetric mechanisms, including, but not limited to Advanced Encryption Standard (AES), RSA, RC6, IDEA, DES, RC2, RC5, Skipjack, and any other symmetric encryption algorithm. Moreover, such encryption algorithms may use, where appropriate, cipher block chaining mode, cipher feedback mode, CBC cipher text stealing (CTS), CFB, OFB, counter mode, and/or any other block mode. In one embodiment, content keys are generated employing an at least 128 bit AES encryption/decryption algorithm. However, content key generation is not limited to symmetric key mechanisms, and asymmetric key mechanisms may also be employed without departing from the scope of the present invention.

Processing continues to block 506, where at least one content key is employed to selectively encrypt a content unit in the content stream. Selective encryption may include selecting a content unit at random in the content stream for encryption, selecting every N/th content unit in the content stream, and the like. Selective encryption may also include selectively encrypting at least a portion of the content unit, such as at least a portion the video elementary stream (ES), the audio ES, the digital data ES, and any combination of video, audio, data elementary streams in the content unit. Selective encryption may further include encrypting a frame in the content unit, such as the I-frame, P-frame, B-frame, and any combination of P, B, and I frames of the content unit.

Moreover, selective encryption may further include varying the content key employed to encrypt selected content units. For example, in one embodiment, a set of content keys is rotated through on some basis, such as every ten seconds, to encrypt the content units.

Processing next proceeds to block 508, where a screener key module is created. The screener key module may include a content identifier associated with the content and a screener key. The screener key module may also include entitlements, rights and the like associated with the content. Moreover, the screener key may be encrypted employing a public/private key that is bound to the targeted secure player.

Processing continues to block 510, where a key package is created. The key package may include at least one content key, a content identifier associated with the content, access constraints, entitlements, and the like, substantially as described above in conjunction with FIG. 3. In one embodiment, the at least one content key is encrypted using the screener key. In another embodiment, the key package is encrypted. In still another embodiment, the content identifier associated with the content remains unencrypted.

Processing continues to block 512, where the key package is embedded into the content unit stream. Processing proceeds to block 514, where the modified content units are written to a content media, such as a DVD, high definition DVD, and the like. Upon completion of block 514, processing returns to perform other actions.

It is understood that several blocks of FIG. 5 can be implemented in a different sequence, combination of sequences, and the like, without departing from the scope or spirit of the present invention. For example, block 506 may be performed prior to, or even in combination with, block 504.

FIGS. 6A-6B illustrate a flow diagram generally showing one embodiment for a process of viewing secure content. Process 600 may operate, for example, within secure player 200 of FIG. 2.

Process 600 begins, after a start block, at block 602, where a content unit is read from a content media. Processing proceeds to decision block 604, where a determination is made whether the read content unit is encrypted. If it is determined that the read content unit is encrypted, processing branches to block 610; otherwise, processing branches to block 606.

At block 610, a key package is extracted from the content stream on the content media. Processing continues to block 614, where a content identifier is extracted from the key package. In one embodiment, the content identifier is already “in the clear.” Processing proceeds to block 616, where the content identifier is employed as an index to locate a screener key associated with the secure content.

Processing continues to decision block 618, where a determination is made whether a screener key associated with the content identifier is located in an existing database, file, directory, and the like, of existing screener keys. If a screener key is not located, processing branches to block 620; otherwise, processing branches to decision block 626.

At block 620, a request is made to obtain a user identity for authorizing access to a screener key module. The request may require entering a user name/password, a biometric entry, and the like. In one embodiment, the request may require the user to insert a smart card that includes an identification key. Processing continues to decision block 622, where a determination is made whether the received identity is valid. If the received identity is valid, processing branches to block 624; otherwise, processing returns to perform other actions. In one embodiment, such other actions, may include, but is not limited to, enabling the user to attempt to re-enter a valid identity, erasing the content media, locking the user from access of the content media, and the like.

At block 624, the valid user identity is employed to enable access to the screener key located on a screener key module. Processing continues to decision block 626.

At decision block 626, a determination is made whether the validated user has appropriate access rights, entitlements, and the like, to the content unit. If so, processing branches to block 628; otherwise, processing returns to perform other actions, such as described above, at decision block 622.

At block 628, the screener key is decrypted using the private key that is bound to the targeted secure player. Processing continues to block 630, where the decrypted screener key is employed to decrypt the content key. In one embodiment, the decrypted screener key is employed to decrypt the key package and extract the content key. Processing continues to block 632, where the decrypted content key is employed to decrypt the encrypted content unit. Processing continues to block 606.

At block 606, a CODEC is employed to decompress the current content unit. Processing then proceeds to block 608, where the decompressed content is provided to a device, such as a television, and the like, for user enjoyment. In one embodiment, at block 608, the decompressed content is further copy protected. Thus, the decompressed content may be passed through an optional anticopy protection device, prior to forwarding the decompressed content. Upon completion of the actions at block 608, the process returns to performing other actions.

It will be understood that each block of the flowchart illustration, and combinations of blocks in the flowchart illustration, can be implemented by computer program instructions. These program instructions may be provided to a processor to produce a machine, such that the instructions, which execute on the processor, create means for implementing the actions specified in the flowchart block or blocks. The computer program instructions may be executed by a processor to cause a series of operational steps to be performed by the processor to produce a computer implemented process such that the instructions, which execute on the processor provide steps for implementing the actions specified in the flowchart block or blocks.

Accordingly, blocks of the flowchart illustration support combinations of means for performing the specified actions, combinations of steps for performing the specified actions and program instruction means for performing the specified actions. It will also be understood that each block of the flowchart illustration, and combinations of blocks in the flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified actions or steps, or combinations of special purpose hardware and computer instructions.

The above specification, examples, and data provide a complete description of the manufacture and use of the composition of the invention. Since many embodiments of the invention can be made without departing from the spirit and scope of the invention, the invention resides in the claims hereinafter appended.

INVENTORS:

Morten, Glenn A.

THIS PATENT IS REFERENCED BY THESE PATENTS:

Patent	Priority	Assignee	Title
10102648,	Dec 12 2011	GOOGLE LLC	Browser/web apps access to secure surface
10212460,	Dec 12 2011	GOOGLE LLC	Method for reducing time to first frame/seek frame of protected digital content streams
10212486,	Dec 04 2009	DivX CF Holdings LLC; DIVX, LLC	Elementary bitstream cryptographic material transport systems and methods
10225299,	Dec 31 2012	DivX CF Holdings LLC; DIVX, LLC	Systems, methods, and media for controlling delivery of content
10225588,	Sep 01 2011	DIVX, LLC	Playback devices and methods for playing back alternative streams of content protected using a common set of cryptographic keys
10244272,	Sep 01 2011	DivX CF Holdings LLC; DIVX, LLC	Systems and methods for playing back alternative streams of protected content protected using common cryptographic information
10264255,	Mar 15 2013	DIVX, LLC	Systems, methods, and media for transcoding video data
10321168,	Apr 05 2014	DivX CF Holdings LLC; DIVX, LLC	Systems and methods for encoding and playing back video at different frame rates using enhancement layers
10341698,	Sep 01 2011	DIVX, LLC	Systems and methods for distributing content using a common set of encryption keys
10368096,	Jan 05 2011	DIVX, LLC	Adaptive streaming systems and methods for performing trick play
10382785,	Jan 05 2011	DIVX, LLC	Systems and methods of encoding trick play streams for use in adaptive streaming
10397292,	Mar 15 2013	DivX CF Holdings LLC; DIVX, LLC	Systems, methods, and media for delivery of content
10437896,	Jan 07 2009	DivX CF Holdings LLC; DIVX, LLC	Singular, collective, and automated creation of a media guide for online content
10452759,	Dec 12 2011	GOOGLE LLC	Method and apparatus for protection of media objects including HTML
10462537,	May 30 2013	DivX CF Holdings LLC; DIVX, LLC	Network video streaming with trick play based on separate trick play files
10484749,	Dec 04 2009	DIVX, LLC	Systems and methods for secure playback of encrypted elementary bitstreams
10498795,	Feb 17 2017	DivX CF Holdings LLC; DIVX, LLC	Systems and methods for adaptive switching between multiple content delivery networks during adaptive bitrate streaming
10542303,	Aug 07 2014	DivX CF Holdings LLC; DIVX, LLC	Systems and methods for protecting elementary bitstreams incorporating independently encoded tiles
10572633,	Dec 12 2011	GOOGLE LLC	Method, manufacture, and apparatus for instantiating plugin from within browser
10645430,	Dec 12 2011	GOOGLE LLC	Reducing time to first encrypted frame in a content stream
10687095,	Sep 01 2011	DivX CF Holdings LLC; DIVX, LLC	Systems and methods for saving encoded media streamed using adaptive bitrate streaming
10715806,	Mar 15 2013	DIVX, LLC	Systems, methods, and media for transcoding video data
10805368,	Dec 31 2012	DIVX, LLC	Systems, methods, and media for controlling delivery of content
10856020,	Sep 01 2011	DIVX, LLC	Systems and methods for distributing content using a common set of encryption keys
10878065,	Mar 14 2006	DivX CF Holdings LLC; DIVX, LLC	Federated digital rights management scheme including trusted systems
10880620,	May 31 2013	DIVX, LLC	Playback synchronization across playback devices
10904594,	May 24 2016	DIVX, LLC	Systems and methods for providing variable speeds in a trick-play mode
10931982,	Aug 30 2011	DIVX, LLC	Systems and methods for encoding and streaming video encoded using a plurality of maximum bitrate levels
10979782,	Aug 31 2012	DIVX, LLC	System and method for decreasing an initial buffering period of an adaptive streaming system
11012641,	Dec 08 2003	DIVX, LLC	Multimedia distribution system for multimedia files with interleaved media chunks of varying types
11017816,	Dec 08 2003	DIVX, LLC	Multimedia distribution system
11044502,	May 24 2016	DIVX, LLC	Systems and methods for providing audio content during trick-play playback
11050808,	Jan 05 2007	DIVX, LLC	Systems and methods for seeking within multimedia content during streaming playback
11064235,	Jun 15 2016	DIVX, LLC	Systems and methods for encoding video content
11102553,	Dec 04 2009	DIVX, LLC	Systems and methods for secure playback of encrypted elementary bitstreams
11115450,	Aug 31 2011	DIVX, LLC	Systems, methods, and media for playing back protected video content by using top level index file
11134115,	Feb 27 2015	DIVX, LLC	Systems and methods for frame duplication and frame extension in live video encoding and streaming
11159746,	Dec 08 2003	DIVX, LLC	Multimedia distribution system for multimedia files with packed frames
11178200,	Dec 30 2013	DIVX, LLC	Systems and methods for playing adaptive bitrate streaming content by multicast
11178435,	Sep 01 2011	DIVX, LLC	Systems and methods for saving encoded media streamed using adaptive bitrate streaming
11190497,	Aug 31 2011	DIVX, LLC	Systems and methods for application identification
11272232,	May 31 2013	DIVX, LLC	Synchronizing multiple over the top streaming clients
11297263,	Dec 08 2003	DIVX, LLC	Multimedia distribution system for multimedia files with packed frames
11343300,	Feb 17 2017	DIVX, LLC	Systems and methods for adaptive switching between multiple content delivery networks during adaptive bitrate streaming
11349892,	Jan 06 2015	DIVX, LLC	Systems and methods for encoding and sharing content between devices
11355159,	Dec 08 2003	DIVX, LLC	Multimedia distribution system
11438394,	Dec 31 2012	DIVX, LLC	Systems, methods, and media for controlling delivery of content
11457054,	Aug 30 2011	DIVX, LLC	Selection of resolutions for seamless resolution switching of multimedia content
11483609,	Jun 15 2016	DIVX, LLC	Systems and methods for encoding video content
11495266,	Nov 16 2007	DIVX, LLC	Systems and methods for playing back multimedia files incorporating reduced index structures
11509839,	Dec 08 2003	DIVX, LLC	Multimedia distribution system for multimedia files with packed frames
11526582,	Jan 06 2012	DIVX, LLC	Systems and methods for enabling playback of digital content using status associable electronic tickets and ticket tokens representing grant of access rights
11528540,	Aug 31 2012	DIVX, LLC	System and method for decreasing an initial buffering period of an adaptive streaming system
11539780,	Mar 30 2016	DIVX, LLC	Systems and methods for quick start-up of playback
11546643,	May 24 2016	DIVX, LLC	Systems and methods for providing audio content during trick-play playback
11558564,	Dec 08 2003	DIVX, LLC	Multimedia distribution system for multimedia files with packed frames
11611785,	Aug 30 2011	DIVX, LLC	Systems and methods for encoding and streaming video encoded using a plurality of maximum bitrate levels
11638033,	Jan 05 2011	DIVX, LLC	Systems and methods for performing adaptive bitrate streaming
11683542,	Sep 01 2011	DIVX, LLC	Systems and methods for distributing content using a common set of encryption keys
11706276,	Jan 05 2007	DIVX, LLC	Systems and methods for seeking within multimedia content during streaming playback
11711410,	Jan 06 2015	DIVX, LLC	Systems and methods for encoding and sharing content between devices
11711552,	Apr 05 2014	DIVX, LLC	Systems and methods for encoding and playing back video at different frame rates using enhancement layers
11716371,	Aug 31 2011	DIVX, LLC	Systems and methods for automatically generating top level index files
11729451,	Jun 15 2016	DIVX, LLC	Systems and methods for encoding video content
11735227,	Dec 08 2003	DIVX, LLC	Multimedia distribution system
11735228,	Dec 08 2003	DIVX, LLC	Multimedia distribution system
11765410,	May 31 2013	DIVX, LLC	Synchronizing multiple over the top streaming clients
11785066,	Dec 31 2012	DIVX, LLC	Systems, methods, and media for controlling delivery of content
11824912,	Feb 27 2015	DIVX, LLC	Systems and methods for frame duplication and frame extension in live video encoding and streaming
11825142,	Mar 21 2019	DIVX, LLC	Systems and methods for multimedia swarms
11849112,	Mar 15 2013	DIVX, LLC	Systems, methods, and media for distributed transcoding video data
11870758,	Aug 31 2011	DIVX, LLC	Systems and methods for application identification
11886545,	Mar 14 2006	DIVX, LLC	Federated digital rights management scheme including trusted systems
11895348,	May 24 2016	DIVX, LLC	Systems and methods for providing variable speeds in a trick-play mode
7987502,	Mar 13 2003	Digital Reg of Texas, LLC	Secure streaming container
8205076,	Oct 15 2008	Adobe Inc	Imparting real-time priority-based network communications in an encrypted communication session
8245033,	Oct 15 2008	Adobe Inc	Imparting real-time priority-based network communications in an encrypted communication session
8284932,	Oct 15 2007	Adobe Inc	Imparting cryptographic information in network communications
8542825,	Oct 15 2007	Adobe Inc	Imparting cryptographic information in network communications
8656183,	Mar 14 2006	DivX CF Holdings LLC; DIVX, LLC	Federated digital rights management scheme including trusted systems
8751800,	Dec 12 2011	GOOGLE LLC	DRM provider interoperability
8769614,	Dec 29 2009	AKAMAI TECHNOLOGIES, INC	Security framework for HTTP streaming architecture
8891765,	Dec 12 2011	GOOGLE LLC	Method, manufacture, and apparatus for content decryption module
8909922,	Sep 01 2011	DivX CF Holdings LLC; DIVX, LLC	Systems and methods for playing back alternative streams of protected content protected using common cryptographic information
8918636,	Sep 01 2011	DivX CF Holdings LLC; DIVX, LLC	Systems and methods for protecting alternative streams in adaptive bitrate streaming systems
8918644,	Oct 15 2008	Adobe Inc	Imparting real-time priority-based network communications in an encrypted communication session
8984285,	Dec 12 2011	GOOGLE LLC	Use of generic (browser) encryption API to do key exchange (for media files and player)
8997161,	Jan 02 2008	DivX CF Holdings LLC; DIVX, LLC	Application enhancement tracks
9003558,	Dec 12 2011	GOOGLE LLC	Allowing degraded play of protected content using scalable codecs when key/license is not obtained
9055051,	Oct 15 2007	Adobe Inc	Imparting cryptographic information in network communications
9088550,	Nov 26 2012	Amazon Technologies, Inc	Love latency content presentation
9094737,	May 30 2013	DivX CF Holdings LLC; DIVX, LLC	Network video streaming with trick play based on separate trick play files
9110902,	Dec 12 2011	GOOGLE LLC	Application-driven playback of offline encrypted content with unaware DRM module
9124773,	Dec 04 2009	DivX CF Holdings LLC; DIVX, LLC	Elementary bitstream cryptographic material transport systems and methods
9129092,	Dec 12 2011	Google Inc.	Detecting supported digital rights management configurations on a client device
9183405,	Dec 12 2011	GOOGLE LLC	Method, manufacture, and apparatus for content protection for HTML media elements
9184920,	Mar 14 2006	DivX CF Holdings LLC; DIVX, LLC	Federated digital rights management scheme including trusted systems
9210481,	Jan 05 2011	DivX CF Holdings LLC; DIVX, LLC	Systems and methods for performing smooth visual search of media encoded for adaptive bitrate streaming via hypertext transfer protocol using trick play streams
9223988,	Dec 12 2011	GOOGLE LLC	Extending browser functionality with dynamic on-the-fly downloading of untrusted browser components
9239912,	Dec 12 2011	GOOGLE LLC	Method, manufacture, and apparatus for content protection using authentication data
9247311,	Sep 01 2011	DivX CF Holdings LLC; DIVX, LLC	Systems and methods for playing back alternative streams of protected content protected using common cryptographic information
9247317,	May 30 2013	DivX CF Holdings LLC; DIVX, LLC	Content streaming with client device trick play index
9311459,	Dec 12 2011	GOOGLE LLC	Application-driven playback of offline encrypted content with unaware DRM module
9326012,	Dec 12 2011	GOOGLE LLC	Dynamically changing stream quality when user is unlikely to notice to conserve resources
9485238,	Dec 29 2009	Akamai Technologies, Inc.	Security framework for HTTP streaming architecture
9542368,	Dec 12 2011	GOOGLE LLC	Method, manufacture, and apparatus for instantiating plugin from within browser
9621522,	Sep 01 2011	DivX CF Holdings LLC; DIVX, LLC	Systems and methods for playing back alternative streams of protected content protected using common cryptographic information
9686234,	Dec 12 2011	GOOGLE LLC	Dynamically changing stream quality of protected content based on a determined change in a platform trust
9697185,	Dec 12 2011	GOOGLE LLC	Method, manufacture, and apparatus for protection of media objects from the web application environment
9697363,	Dec 12 2011	GOOGLE LLC	Reducing time to first encrypted frame in a content stream
9697366,	Dec 12 2011	GOOGLE LLC	Use of generic (browser) encryption API to do key exchange (for media files and player)
9706259,	Dec 04 2009	DivX CF Holdings LLC; DIVX, LLC	Elementary bitstream cryptographic material transport systems and methods
9712890,	May 30 2013	DivX CF Holdings LLC; DIVX, LLC	Network video streaming with trick play based on separate trick play files
9762937,	Aug 07 2014	DivX CF Holdings LLC; DIVX, LLC	Systems and methods for protecting elementary bitstreams incorporating independently encoded tiles
9785759,	Dec 12 2011	GOOGLE LLC	Method, manufacture, and apparatus for configuring multiple content protection systems
9798863,	Mar 14 2006	DivX CF Holdings LLC; DIVX, LLC	Federated digital rights management scheme including trusted systems
9866878,	Apr 05 2014	DivX CF Holdings LLC; DIVX, LLC	Systems and methods for encoding and playing back video at different frame rates using enhancement layers
9875363,	Dec 12 2011	GOOGLE LLC	Use of generic (browser) encryption API to do key exchange (for media files and player)
9883204,	Jan 05 2011	DivX CF Holdings LLC; DIVX, LLC	Systems and methods for encoding source media in matroska container files for adaptive bitrate streaming using hypertext transfer protocol
9906785,	Mar 15 2013	DivX CF Holdings LLC; DIVX, LLC	Systems, methods, and media for transcoding video data according to encoding parameters indicated by received metadata
9967305,	Jun 28 2013	DivX CF Holdings LLC; DIVX, LLC	Systems, methods, and media for streaming media content
RE48748,	Jun 29 2011	DIVX, LLC	Systems and methods for estimating available bandwidth and performing initial stream selection when streaming content
RE48761,	Dec 31 2012	DIVX, LLC	Use of objective quality measures of streamed content to reduce streaming bandwidth

THIS PATENT REFERENCES THESE PATENTS:

Patent	Priority	Assignee	Title
4535355,	Jun 23 1982	Microdesign Limited	Method and apparatus for scrambling and unscrambling data streams using encryption and decryption
4694489,	Dec 22 1983		Video transmission system
5067035,	May 22 1987	Kudelski SA fabrique de'enregistreurs Nagra	Error prevention in a recording and reproducing device with at least one rotating head
5134656,	Feb 22 1989	NAGRA PLUS S A	Pre-payment television system using a memory card associated with a decoder
5144663,	Apr 18 1986	NAGRA PLUS S A	Method of interactive communication between a subscriber and a decoder of a system of pay-television and decoder thereof
5191611,	Apr 03 1989	LANRALD DATA MGMT NV, LLC	Method and apparatus for protecting material on storage media and for transferring material on storage media to various recipients
5339413,	Aug 21 1992	International Business Machines Corporation	Data stream protocol for multimedia data streaming data processing system
5375168,	Feb 21 1990	NAGRA PLUS S A	Method for scrambling and unscrambling a video signal
5392351,	Mar 16 1992	Fujitsu Limited	Electronic data protection system
5487167,	Dec 31 1991	LENOVO SINGAPORE PTE LTD	Personal computer with generalized data streaming apparatus for multimedia devices
5539450,	Apr 16 1993	Cisco Systems, Inc	Methods and systems for providing additional service applications in pay television
5590200,	Dec 09 1993	Cisco Technology, Inc	Apparatus and method for securing communication systems
5592212,	Apr 16 1993	Cisco Systems, Inc	Methods and systems for non-program applications for subscriber television
5621799,	Oct 19 1993	Matsushita Electric Industrial Co., Ltd.	Scrambled transmission system
5640546,	Feb 23 1993	UP TWO, INC	Composition of systems of objects by interlocking coordination, projection, and distribution
5666412,	Oct 03 1994	NDS Limited	Secure access systems and methods utilizing two access cards
5684876,	Sep 23 1996	Cisco Technology, Inc	Apparatus and method for cipher stealing when encrypting MPEG transport packets
5758257,	Nov 29 1994	Pinpoint Incorporated	System and method for scheduling broadcast of and access to video programs and other data using customer profiles
5774527,	Jan 21 1994	Cisco Systems, Inc	Integrated telephone and cable communication networks
5774546,	Oct 03 1994	NDS Limited	Secure access system utilizing an access card having more than one embedded integrated circuit and/or plurality of security levels
5799089,	Oct 14 1993	IRDETO B V	System and apparatus for blockwise encryption/decryption of data
5805705,	Jan 29 1996	International Business Machines Corporation	Synchronization of encryption/decryption keys in a data communication network
5870474,	Dec 04 1995	TECH 5 SAS	Method and apparatus for providing conditional access in connection-oriented, interactive networks with a multiplicity of service providers
5878134,	Oct 03 1994	NDS Limited	Secure access systems utilizing more than one IC card
5883957,	Oct 17 1996	LIVE UPDATE, INC	Methods and apparatus for encrypting and decrypting MIDI files
5892900,	Aug 30 1996	INTERTRUST TECHNOLOGIES CORP	Systems and methods for secure transaction management and electronic rights protection
5910987,	Feb 13 1995	INTERTRUST TECHNOLOGIES CORP	Systems and methods for secure transaction management and electronic rights protection
5915019,	Feb 13 1995	Intertrust Technologies Corp.	Systems and methods for secure transaction management and electronic rights protection
5917912,	Feb 13 1995	Intertrust Technologies Corporation	System and methods for secure transaction management and electronic rights protection
5920625,	Apr 08 1994	IRDETO B V	Method and apparatus for transmitting and receiving encrypted signals
5920861,	Feb 25 1997	INTERTRUST TECHNOLOGIES CORP	Techniques for defining using and manipulating rights management data structures
5922208,	Jun 08 1995	Defil N.V. Holland Intertrust (Antilles) N.V.	Filter device
5923666,	Oct 24 1995	Cisco Technology, Inc	Decoding carriers encoded using orthogonal frequency division multiplexing
5933498,	Jan 11 1996	HANGER SOLUTIONS, LLC	System for controlling access and distribution of digital property
5939975,	Sep 19 1996	Cisco Technology, Inc	Theft prevention system and method
5943422,	Aug 12 1996	Intertrust Technologies Corp.; INTERTRUST TECHNOLOGIES CORP	Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels
5949876,	Feb 13 1995	Intertrust Technologies Corporation	Systems and methods for secure transaction management and electronic rights protection
5982891,	Feb 13 1995	Intertrust Technologies Corp.	Systems and methods for secure transaction management and electronic rights protection
5991399,	Dec 18 1997	HONEYMAN CIPHER SOLUTIONS LLC	Method for securely distributing a conditional use private key to a trusted entity on a remote system
6009116,	May 05 1995	PHILIP A RUBIN AND ASSOCIATES, INC	GPS TV set top box with regional restrictions
6009401,	Apr 06 1998	SAFENET DATA SECURITY ISRAEL LTD	Relicensing of electronically purchased software
6009525,	Aug 29 1997	SAFENET DATA SECURITY ISRAEL LTD	Multi-tier electronic software distribution
6021197,	Jun 23 1995	IRDETO B V	Method and apparatus for controlling the operation of a signal decoder in a broadcasting system
6035037,	Aug 04 1995	Thomson Electronic Consumers, Inc.	System for processing a video signal via series-connected high speed signal processing smart cards
6038433,	Oct 02 1996	IRDETO B V	Method for automatically searching a frequency range for signal channels in a receiver for digitally modulated signals, and receiver for applying such a method
6049671,	Apr 18 1996	ZHIGU HOLDINGS LIMITED	Method for identifying and obtaining computer software from a network computer
6055503,	Aug 29 1997	SAFENET DATA SECURITY ISRAEL LTD	Software program self-modification
6073256,	Apr 11 1997	SAFENET DATA SECURITY ISRAEL LTD	Digital product execution control
6112181,	Nov 06 1997	INTERTRUST TECHNOLOGIES CORP	Systems and methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information
6138119,	Feb 25 1997	Intertrust Technologies Corp.	Techniques for defining, using and manipulating rights management data structures
6141753,	Feb 10 1998	Thomson Licensing; Mitsubishi Corporation	Secure distribution of digital representations
6157721,	Aug 12 1996	INTERTRUST TECHNOLOGIES CORP	Systems and methods using cryptography to protect secure computing environments
6160891,	Oct 20 1997	Oracle America, Inc	Methods and apparatus for recovering keys
6178242,	Feb 07 1997	SYNAMEDIA LIMITED	Digital recording protection system
6185683,	Feb 13 1995	Intertrust Technologies Corp.	Trusted and secure techniques, systems and methods for item delivery and execution
6189097,	Mar 24 1997	SAFENET DATA SECURITY ISRAEL LTD	Digital Certificate
6191782,	Aug 30 1996	Panasonic Intellectual Property Corporation of America	Terminal apparatus and method for achieving interactive operations by displaying a desired piece of image information at high speed using cache memories, out of a large amount of image information sent in a one-way direction
6226618,	Aug 13 1998	Level 3 Communications, LLC	Electronic content delivery system
6226794,	Sep 17 1996	MEDIATEK, INC	Set top terminal for an interactive information distribution system
6237786,	Feb 13 1995	INTERTRUST TECHNOLOGIES CORP	Systems and methods for secure transaction management and electronic rights protection
6240185,	Aug 12 1996	Intertrust Technologies Corporation	Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels
6247950,	Mar 20 1998	The DIRECTV Group, Inc	Secure smart card and tool for removing same
6253193,	Feb 13 1995	Intertrust Technologies Corporation	Systems and methods for the secure transaction management and electronic rights protection
6256668,	Apr 18 1996	ZHIGU HOLDINGS LIMITED	Method for identifying and obtaining computer software from a network computer using a tag
6272636,	Apr 11 1997	SAFENET DATA SECURITY ISRAEL LTD	Digital product execution control and security
6285985,	Apr 03 1998	SAFENET DATA SECURITY ISRAEL LTD	Advertising-subsidized and advertising-enabled software
6292569,	Aug 12 1996	Intertrust Technologies Corp.	Systems and methods using cryptography to protect secure computing environments
6298441,	Mar 10 1994	SYNAMEDIA LIMITED	Secure document access system
6311221,	Jul 22 1998	Symantec Corporation	Streaming modules
6314409,	Nov 05 1997	HANGER SOLUTIONS, LLC	System for controlling access and distribution of digital property
6314572,	May 29 1998	COX COMMUNICATIONS, INC	Method and apparatus for providing subscription-on-demand services, dependent services and contingent services for an interactive information distribution system
6334213,	Jan 20 1998	SAFENET DATA SECURITY ISRAEL LTD	Merging of separate executable computer programs to form a single executable computer program
6363488,	Feb 13 1995	INTERTRUST TECHNOLOGIES CORP	Systems and methods for secure transaction management and electronic rights protection
6385596,	Feb 06 1998	Microsoft Technology Licensing, LLC	Secure online music distribution system
6389402,	Feb 13 1995	INTERTRUST TECHNOLOGIES CORP	Systems and methods for secure transaction management and electronic rights protection
6405369,	Mar 18 1996	Cisco Technology, Inc	Smart card chaining in pay television systems
6409080,	Mar 27 2000	Kabushiki Kaisha Toshiba	Portable electronic device and loyalty point system
6409089,	Dec 10 1997	INTERDIGITAL CE PATENT HOLDINGS	Method for protecting the audio/visual data across the NRSS interface
6415031,	Mar 12 1999	Comcast IP Holdings I, LLC	Selective and renewable encryption for secure distribution of video on-demand
6427140,	Feb 13 1995	Intertrust Technologies Corp.	Systems and methods for secure transaction management and electronic rights protection
6449367,	Aug 12 1996	Intertrust Technologies Corp.	Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels
6449719,	Nov 09 1999	GOOGLE LLC	Process and streaming server for encrypting a data stream
6459427,	Apr 01 1998	Comcast Cable Communications Management, LLC	Apparatus and method for web-casting over digital broadcast TV network
6466670,	May 21 1998	SYNAMEDIA LIMITED	System for preventing playback of unauthorized digital video recordings
6505299,	Mar 01 1999	RAKUTEN, INC	Digital image scrambling for image coding systems
6587561,	Mar 04 1998	SYNAMEDIA LIMITED	Key delivery in a secure broadcasting system
6618484,	Aug 12 1996	Intertrust Technologies Corporation	Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels
6629243,	Oct 07 1998	Cisco Technology, Inc	Secure communications system
6633918,	Oct 06 1998	Intel Corporation	System and method for providing random access to a multimedia object over a network
6634028,	Aug 19 1993	Cisco Systems, Inc	Television system communicating individually addressed information
6640304,	Feb 13 1995	Intertrust Technologies Corporation	Systems and methods for secure transaction management and electronic rights protection
6651170,	Jan 14 1998	IRDETO B V	Integrated circuit and smart card comprising such a circuit
6654420,	Oct 29 1999	Koninklijke Philips Electronics N V	Video encoding-method
6654423,	Dec 02 1999	LG Electronics Inc.	PID/section filter in digital television system
6658568,	Feb 13 1995	Intertrust Technologies Corporation	Trusted infrastructure support system, methods and techniques for secure electronic commerce transaction and rights management
6668325,	Jun 09 1997	INTERTRUST TECHNOLOGIES CORP	Obfuscation techniques for enhancing software security
6792113,	Dec 20 1999	Microsoft Technology Licensing, LLC	Adaptable security mechanism for preventing unauthorized access of digital data
7007170,	Mar 18 2003	GOOGLE LLC	System, method, and apparatus for securely providing content viewable on a secure device
20020001385,
20020015498,
20020021805,
20020049679,
20020089410,
20020104004,
20020141582,
20030007568,
20030046568,
20040117500,
20040151315,
20040184616,
20050193205,
20050273862,
EP852445,
EP886409,
EP1134977,
EP1246463,
EP658054,
EP714204,
JP10336128,
JP11175475,
JP2000022680,
JP20000293945,
JP2000196585,
JP2001251599,
JP3203432,
JP8355040,
WO1193212,
WO135571,
WO221761,
WO2004002112,
WO9606504,
WO9632702,
WO9921364,
WO9928842,
WO9930499,
WO9954453,

ASSIGNMENT RECORDS Assignment records on the USPTO

/////

Executed on	Assignor	Assignee	Conveyance	Frame	Reel	Doc
Dec 27 2005		Widevine Technologies, Inc.	(assignment on the face of the patent)
Jan 31 2006	MORTEN, GLENN A	Widevine Technologies, Inc	ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS	017233	0637	pdf
Jul 30 2009	Widevine Technologies, Inc	VENTURE LENDING & LEASING V, INC	SECURITY AGREEMENT	023044	0724	pdf
Jun 08 2011	Widevine Technologies, Inc	Google Inc	ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS	026486	0756	pdf
Sep 29 2017	Google Inc	GOOGLE LLC	CHANGE OF NAME SEE DOCUMENT FOR DETAILS	044101	0610	pdf

MAINTENANCE FEES AND DATES: Maintenance records on the USPTO

Date	Maintenance Fee Events
Oct 17 2011	STOL: Pat Hldr no Longer Claims Small Ent Stat
Mar 14 2013	M1551: Payment of Maintenance Fee, 4th Year, Large Entity.
Jun 29 2017	M1552: Payment of Maintenance Fee, 8th Year, Large Entity.
Jun 29 2021	M1553: Payment of Maintenance Fee, 12th Year, Large Entity.

Date	Maintenance Schedule
Dec 29 2012	4 years fee payment window open
Jun 29 2013	6 months grace period start (w surcharge)
Dec 29 2013	patent expiry (for year 4)
Dec 29 2015	2 years to revive unintentionally abandoned end. (for year 4)
Dec 29 2016	8 years fee payment window open
Jun 29 2017	6 months grace period start (w surcharge)
Dec 29 2017	patent expiry (for year 8)
Dec 29 2019	2 years to revive unintentionally abandoned end. (for year 8)
Dec 29 2020	12 years fee payment window open
Jun 29 2021	6 months grace period start (w surcharge)
Dec 29 2021	patent expiry (for year 12)
Dec 29 2023	2 years to revive unintentionally abandoned end. (for year 12)